Sending ICMP traffic requires a raw socket which needs root to open. To that end, the ping command is normally installed suid root, though these days there are ways to selectively give programs extended privileges like that. Sometimes people do system hardening which removes the setuid bit on ping, requiring sudo to make it work.

What do you know... TIL.

The -f (flood) option requires that you be root, even when the binary is setuid root.

Check your local linux box with:

  file /bin/ping

and you will see that it is setuid to root.

I think it depends on the distribution: https://wiki.archlinux.org/index.php/Capabilities seems to imply that ping could be used with CAP_NET_RAW capability instead of setuid root. http://blog.siphos.be/2013/05/capabilities-a-short-intro/ suggests that as well.